W3C home > Mailing lists > Public > public-webapi@w3.org > April 2008

Re: [selectors-api] NSResolver moving nodes between documents

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Mon, 14 Apr 2008 18:25:08 -0500
Message-ID: <4803E7D4.8050006@mit.edu>
To: Jonas Sicking <jonas@sicking.cc>
CC: "Web APIs WG (public)" <public-webapi@w3.org>

Jonas Sicking wrote:
> 1. Parse selector
> 2. Walk the DOM and create result using parsed selector.

That seems like the obvious approach.

> This way it is ok if the NSResolver mutates the DOM in any fashion. The 
> result returned from the function will simply be based on what the DOM 
> looks like after step 1 is done executing.

There's one security consideration here, though:  Say at the end of the mutation 
the script that called querySelector is no longer same-origin with the node that 
the method was called on.  What should happen?  Immediate exception?  Return the 
nodes but not allow the caller to actually access them?  Something else?

My gut feeling is that "immediate exception" is the right thing to be doing...

Received on Monday, 14 April 2008 23:25:48 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:26 UTC